Hi all, I am currently trying to set up an isolated network with redundant routers in CloudStack 4.9.2, but I have been unable to solve the following problem:
Any time I start a virtual machine on the isolated network, the virtual
router in the master role loses its service IP on the internal network.
A simple "service keepalived restart" fixes the IP setup.
/var/log/cloud.log on the respective router shows messages that suggest
the IP is removed on purpose by the script "/opt/cloud/bin/cs/CsAddress.py".
The relevant portion of the log is:
2017-10-21 10:40:44,253 CsHelper.py execute:184 Executing: ip addr show
dev eth0
2017-10-21 10:40:44,265 CsAddress.py is_guest_gateway:657 Checking if
cidr is a gateway for rVPC. IP ==> 10.1.2.1/32 / device ==> eth0
2017-10-21 10:40:44,266 CsAddress.py is_guest_gateway:660 Interface has
the following gateway ==> None
2017-10-21 10:40:44,277 CsAddress.py delete:676 Removed address
10.1.2.1/32 from device eth0
2017-10-21 10:40:44,278 CsAddress.py post_config_change:558 Not able to
setup source-nat for a regular router yet
After looking into CsAddress.py, I have the impression that the service
IP is not in the pool of expected IPs for the machine and is therefore
deleted. Maybe I missed a configuration parameter that lets CloudStack
know it should not remove the service IP?
Can someone give me some advice?
Greetings,
Melanie
-----
Below is some data from my configuration that might be helpful:
The network from the API:
melaniedesaive@HS-X201-03 [2001] $ cloudmonkey -p ocl-admin -d json list
networks id=68198cf0-f61f-4dac-9d74-bfa21764717c
projectid=ce960375-6fd2-4e00-add2-9c8a644a24b9 listall=true
{
"count": 1,
"network": [
{
"acltype": "Account",
"broadcastdomaintype": "Vlan",
"broadcasturi": "vlan://580",
"canusefordeploy": true,
"cidr": "10.1.2.0/24",
"displaynetwork": true,
"displaytext": "Netz mit finalem Offering HA expliziter Gateway 2",
"dns1": "192.168.100.1",
"dns2": "192.168.100.1",
"domain": "Temp",
"domainid": "0a092d9b-b055-4c2f-82e5-4bbd21706273",
"gateway": "10.1.2.1",
"id": "68198cf0-f61f-4dac-9d74-bfa21764717c",
"ispersistent": false,
"issystem": false,
"name": "Netz mit finalem Offering HA expliziter Gateway 2",
"netmask": "255.255.255.0",
"networkdomain": "meltest.heinlein-intern.de",
"networkofferingavailability": "Optional",
"networkofferingconservemode": true,
"networkofferingdisplaytext": "Offering for Isolated networks with
Source Nat service enabled HA With redundant Routers",
"networkofferingid": "4aa7e796-d3f0-4696-89ad-708b956ce9c5",
"networkofferingname":
"DefaultIsolatedNetworkOfferingWithSourceNatServiceHA",
"physicalnetworkid": "f7a3527c-b5a9-4e04-9d15-5d22fe3c71f9",
"project": "Mel Diverses",
"projectid": "ce960375-6fd2-4e00-add2-9c8a644a24b9",
"related": "68198cf0-f61f-4dac-9d74-bfa21764717c",
"restartrequired": false,
"service": [
{
"capability": [
{
"canchooseservicecapability": false,
"name": "RedundantRouter",
"value": "true"
},
{
"canchooseservicecapability": false,
"name": "SupportedSourceNatTypes",
"value": "peraccount"
}
],
"name": "SourceNat"
},
{
"name": "PortForwarding"
},
{
"capability": [
{
"canchooseservicecapability": false,
"name": "AllowDnsSuffixModification",
"value": "true"
}
],
"name": "Dns"
},
{
"name": "StaticNat"
},
{
"name": "UserData"
},
{
"capability": [
{
"canchooseservicecapability": false,
"name": "VpnTypes",
"value": "removeaccessvpn"
},
{
"canchooseservicecapability": false,
"name": "SupportedVpnTypes",
"value": "pptp,l2tp,ipsec"
}
],
"name": "Vpn"
},
{
"capability": [
{
"canchooseservicecapability": false,
"name": "MultipleIps",
"value": "true"
},
{
"canchooseservicecapability": false,
"name": "SupportedTrafficDirection",
"value": "ingress, egress"
},
{
"canchooseservicecapability": false,
"name": "SupportedProtocols",
"value": "tcp,udp,icmp"
},
{
"canchooseservicecapability": false,
"name": "TrafficStatistics",
"value": "per public ip"
},
{
"canchooseservicecapability": false,
"name": "SupportedEgressProtocols",
"value": "tcp,udp,icmp, all"
}
],
"name": "Firewall"
},
{
"capability": [
{
"canchooseservicecapability": false,
"name": "SupportedStickinessMethods",
"value":
"[{\"methodname\":\"LbCookie\",\"paramlist\":[{\"paramname\":\"cookie-name\",\"required\":false,\"isflag\":false,\"description\":\"
\"},{\"paramname\":\"mode\",\"required\":false,\"isflag\":false,\"description\":\"
\"},{\"paramname\":\"nocache\",\"required\":false,\"isflag\":true,\"description\":\"
\"},{\"paramname\":\"indirect\",\"required\":false,\"isflag\":true,\"description\":\"
\"},{\"paramname\":\"postonly\",\"required\":false,\"isflag\":true,\"description\":\"
\"},{\"paramname\":\"domain\",\"required\":false,\"isflag\":false,\"description\":\"
\"}],\"description\":\"This is loadbalancer cookie based stickiness
method.\"},{\"methodname\":\"AppCookie\",\"paramlist\":[{\"paramname\":\"cookie-name\",\"required\":false,\"isflag\":false,\"description\":\"
\"},{\"paramname\":\"length\",\"required\":false,\"isflag\":false,\"description\":\"
\"},{\"paramname\":\"holdtime\",\"required\":false,\"isflag\":false,\"description\":\"
\"},{\"paramname\":\"request-learn\",\"required\":false,\"isflag\":true,\"description\":\"
\"},{\"paramname\":\"prefix\",\"required\":false,\"isflag\":true,\"description\":\"
\"},{\"paramname\":\"mode\",\"required\":false,\"isflag\":false,\"description\":\"
\"}],\"description\":\"This is App session based sticky method. Define
session stickiness on an existing application cookie. It can be used
only for a specific http
traffic\"},{\"methodname\":\"SourceBased\",\"paramlist\":[{\"paramname\":\"tablesize\",\"required\":false,\"isflag\":false,\"description\":\"
\"},{\"paramname\":\"expire\",\"required\":false,\"isflag\":false,\"description\":\"
\"}],\"description\":\"This is source based Stickiness method, it can be
used for any type of protocol.\"}]"
},
{
"canchooseservicecapability": false,
"name": "SupportedLbAlgorithms",
"value": "roundrobin,leastconn,source"
},
{
"canchooseservicecapability": false,
"name": "SupportedProtocols",
"value": "tcp, udp, tcp-proxy"
},
{
"canchooseservicecapability": false,
"name": "SupportedLBIsolation",
"value": "dedicated"
},
{
"canchooseservicecapability": false,
"name": "LbSchemes",
"value": "Public"
},
{
"canchooseservicecapability": false,
"name": "AutoScaleCounters",
"value":
"[{\"methodname\":\"cpu\",\"paramlist\":[]},{\"methodname\":\"memory\",\"paramlist\":[]}]"
}
],
"name": "Lb"
},
{
"capability": [
{
"canchooseservicecapability": false,
"name": "DhcpAccrossMultipleSubnets",
"value": "true"
}
],
"name": "Dhcp"
}
],
"specifyipranges": false,
"state": "Implemented",
"strechedl2subnet": false,
"tags": [],
"traffictype": "Guest",
"type": "Isolated",
"vlan": "580",
"zoneid": "cefbe74a-c906-43b8-8f2e-511cf1a6751d",
"zonename": "Office"
}
]
}
The network in the database:
mysql> select * from networks where name = "Netz mit finalem Offering HA
expliziter Gateway 2"\G;
*************************** 1. row ***************************
id: 264
name: Netz mit finalem Offering HA expliziter Gateway 2
uuid: 68198cf0-f61f-4dac-9d74-bfa21764717c
display_text: Netz mit finalem Offering HA expliziter Gateway 2
traffic_type: Guest
broadcast_domain_type: Vlan
broadcast_uri: vlan://580
gateway: 10.1.2.1
cidr: 10.1.2.0/24
mode: Dhcp
network_offering_id: 34
physical_network_id: 200
data_center_id: 1
guru_name: ExternalGuestNetworkGuru
state: Implemented
related: 264
domain_id: 3
account_id: 202
dns1: NULL
dns2: NULL
guru_data: NULL
set_fields: 0
acl_type: Account
network_domain: meltest.heinlein-intern.de
reservation_id: a85287c5-fe6a-4027-9033-58e02374660d
guest_type: Isolated
restart_required: 0
created: 2017-10-21 11:20:10
removed: NULL
specify_ip_ranges: 0
vpc_id: NULL
ip6_gateway: NULL
ip6_cidr: NULL
network_cidr: NULL
display_network: 1
network_acl_id: NULL
streched_l2: 0
redundant: 1
1 row in set (0.00 sec)
--
--
Heinlein Support GmbH
Linux: Akademie - Support - Hosting
http://www.heinlein-support.de
Tel: 030 / 40 50 51 - 0
Fax: 030 / 40 50 51 - 19
Zwangsangaben lt. §35a GmbHG:
HRB 93818 B / Amtsgericht Berlin-Charlottenburg,
Geschäftsführer: Peer Heinlein -- Sitz: Berlin
